Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)
2.5.6
BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
Fixed lock file verification on install to deal better with replace/provide (#11475)
Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
Fixed support for plugin classes being marked as readonly (#11404)
Fixed getmypid being required as it is not always available (#11401)
Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
2.5.5
Fixed basic auth failures resulting in infinite retry loop (#11320)
Fixed archive command including an existing archive into itself if run repeatedly (#11239)
Fixed dev package prompt in require not appearing in some conditions (#11287)
2.5.1
Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
Fixed preg type error in svn version guessing (#11231)
2.5.0
BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
Improved version selection in archive command (#11230)
Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
Added autocompletion of config option names in the config command (#11130)
Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)
[2.5.6] 2023-05-24
BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
Fixed lock file verification on install to deal better with replace/provide (#11475)
Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
Fixed support for plugin classes being marked as readonly (#11404)
Fixed getmypid being required as it is not always available (#11401)
Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
[2.5.5] 2023-03-21
Fixed basic auth failures resulting in infinite retry loop (#11320)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps composer/composer from 2.4.2 to 2.5.7.
Release notes
Sourced from composer/composer's releases.
... (truncated)
Changelog
Sourced from composer/composer's changelog.
... (truncated)
Commits
d477018
Release 2.5.7b982883
Update changelog33c293a
Fix autoload regression with metapackage dependencies (#11481)4893b67
Reverting release version changesf7c05db
Release 2.5.63ab8310
Update changelog2365438
Fix lock file verification to take into account root provider/replacers and o...9d965b9
Fix authentication issues with private bitbucket repos (#11464)9885d23
Ensure stripos() receives a stringe51d755
Fix numeric default-branches with v prefix (e.g. v2.x-dev) being treated as n...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)